Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

CWmike writes "Police agencies worldwide are turning up the heat on a loosely organized group of WikiLeaks activists. After yesterday's news that UK police arrested five people, US authorities announced that more than 40 search warrants have been executed in the US in connection with last month's Web-based attacks against companies that had severed ties with WikiLeaks. Investigations are also ongoing in the Netherlands, Germany and France, the FBI said Thursday. Acting on information from German authorities, the FBI raided Dallas ISP Tailor Made Services last month, looking for evidence relating to one of the chat servers used by Anonymous. Another server was traced to Fremont, California's Hurricane Electric. On Thursday, a Web page used by Anonymous to coordinate this latest round of DDoS attacks was offline, and the group's Twitter and Blogspot pages were silent."
Reader Ajehals contributes a link to the UK Pirate Party's explanation of how the law applies to DDoS attacks.

Anonymous cannot be destroyed by prosecuting its individual members. In order to charge someone, the prosecution must first de-anonymize that person, which immediately voids their membership in Anonymous.

It's pretty hard to make your connections anonymous the whole time. Tor is mighty slow and blocked in many sites. I'm not sure which of the other options are very reliable. Open wifi is not always available. And if it's your neighbor's, well, that's pretty close to you.

It's nice to know that when corporate interests are threatened, the US Government is more than willing to come to the rescue and do their bidding.
Of course, when Goldman Sachs lies, cheats, and defrauds the American people, the US government looks the other way.

Err...they didn't look the other way. They were willing to do whatever it takes to rescue Goldman Sachs too.

If they didn't rescue Goldman Sachs, who would have given Facebook the billion dollars? Thanks to the prompt response by the Federal government, I may finally get a working Facebook app for my iPhone. So think before you talk!

It's nice to know that when corporate interests are threatened, the US Government is more than willing to come to the rescue and do their bidding. Of course, when Goldman Sachs lies, cheats, and defrauds the American people, the US government looks the other way.

That's besides the point because they're not paying for the damage caused to the economy by the fear of collapse they caused, also they make every penny back by taking advantage of the current financial conditions.

You do know that this group terrorize and sends death threats to underage girls?

yeah, a bunch of wonderful people~

Even I know that describing Anonymous as a "group" completely misses the point that Anonymous is comprised of people of many nebulous, amorphous and ever-changing affiliations, any two of whom are at any time are likely to be working at cross-purposes or do utterly contradictory things.

You -- and everyone else, in particular politicians and media organisations -- appear to be determined to put a face on something that by definition has none.

The guy who nabbed Palin's email wound up in the joint, and I can guarantee you that others have been busted before as well. They just didn't make a big splash or even mention Anonymous because it was likely small incidents, ie, this guy was sending death threat emails and was prosecuted, but it's entirely possible that the cops never even knew that 4chan was involved.

If I remember correctly, wasn't the DDoS of WikiLeaks done with a traditional malware controlled botnet, while the Anonymous DDoS's were done with an opt-in botnet? To me, it seems like that would make it easier to track down the members of Anonymous who participated than it would be to track down those who were controlling the anti-Wikileaks botnet.

Except the FBI stands a very real chance of losing some cases if they target people who only ran the LOIC. And punishments will seem excessive even if they win. Instead, they'll probably prosecute only the people who controlled LOIC through IRC. Those people really should've made themselves Anonymous by using Tor.

I'm sure the subject line drew some rolled eyes or a wistful smile. You know why? Because we all know that any legal avenues to get what we want from the government are closed. And guess what kind of avenues people take when their legal ones are exhausted. The French Revolution was illegal as hell, too.

Nope, didn't get me to roll my eyes. Those who support wikileaks have *not* exhausted the legal avenues available to them. At least try. Seriously, write your congressman. Comparing this to other events in history at this point is just dumb. I myself wouldn't mind a bit more transparency (not as much as wikileaks, though). You'd probably be surprised of the amount of support you'd get if you did this with democracy.

It comes down to how much confidence you have in the system. If you have a lot of confidence, then yeah, you'd believe that you'd share your views with your representatives, and they in turn would apply the correct political pressure to shape the government to match.
If you little or no confidence in the system, then you don't believe that anything you do will be able to change the government. Being governed without representation is tyranny.

I was wondering when they'd start doing this one. Many of the attacks were done using a program called "low orbit ion cannon," essentially an opt-in botnet: run the program and it waits for a signal from a master node, then starts spamming requests at the specified target. Meaning that the participants in the attacks, far from the usual unknowing and unwilling infected, were in fact choosing specifically to join in the action. What's more, the nature of a DDoS makes proxy use counter-productive and ineff

I think you're missing the point. People knew they were putting themselves at risk. It was deemed to be worth the risk because joining those attacks was considered the right thing to do. Perhaps people just thought with thousands of people joining in what were the chances of them being pulled before a judge over it.

It's silly to think that people had no idea what they were doing. I don't think anyone could know so little about computers as to believe they were 'anonymous' while using LOIC.

I'm kind of interested in what's going to happen here. It was widely reported on every news affiliate that Anonymous was PROTESTING these companies. I heard several news casters compare the DDOS attack to a picket line outside a business. The picketers make it harder for customers to go to the business, just like a DDOS attack does.I'd like to see what the supreme court makes of it. After all, the companies that were targeted certainly had the means to thwart the attack, Paypal and Amazon didn't even have a

The problem with calling a DDOS "unauthorized access" is that the access is implicitly authorized by the server being on the internet. The real world analogy here is getting your hundred closest friends to visit WalMart and go through the checkout lines VERY VERY SLOWLY. You have the intent to negatively impact their business, and you are acting recklessly, but that is only 2/3 (well, more like 9/10) of the criteria for violating the laws in question here. You are not using their store without authorization (they have to TELL YOU TO LEAVE before they have any legal relief for your being there).

You are not using their store without authorization (they have to TELL YOU TO LEAVE before they have any legal relief for your being there).

Citation needed. Really. I can pretty much guarantee that a group of 100 would be charged without necessarily being asked to leave. Tresspass, unlawful assembly, disturbing the peace... the particular charge would vary from jurisdiction to jurisdiction; but don't mistake private damage control with a legal requirement.

The problem with calling a DDOS "unauthorized access" is that the access is implicitly authorized by the server being on the internet.

No, since you're implying that the implicit authorization is unlimited rather than limited to expected or customary activities. Want a REAL real world example? Student newspaper theft. You are implicitly allowed to take one free paper (or, practically, a few) due to the papers being set out in a kiosk or bin. You are not allowed to take every paper with the intent of preventing others from obtaining them or the paper delivering them. Really [splc.org]. You don't have to be told not to do it [splc.org].

You can be charged with a crime for taking something that is being given away for free when you exceed the scope of an implicit authorization, and you can be charged with a crime for entering into locations that exceed the scope of an implicit authorization. Really [google.com]. You don't have to be told not to do something unusual [opengovva.org].

There is nothing magical about a DDOS when it comes to the explicit or implicit authorization that you may have to interact with someone else's computers and services. It's criminal. You damn well know it. Protest is not a legal justification; so welcome to the real world, where you may end up with a criminal record no matter how worthy you, rather than society at large, believe your cause to be.

The newspaper theft references apply to the LOIC specifically, but not to something like my WalMart example or a very-very-distributed DOS such as the/. effect, where any single person is NOT exceeding the normal scope of authorization.

That is, if I take all of the free newspapers, it is very likely that I am breaking the law. But if I take one newspaper, and you take one, and Bob takes one, none of us have committed a crime. We haven't even conspired to commit a crime (since we actually did the thing, and

The problem with calling a DDOS "unauthorized access" is that the access is implicitly authorized by the server being on the internet. The real world analogy here is getting your hundred closest friends to visit WalMart and go through the checkout lines VERY VERY SLOWLY. You have the intent to negatively impact their business, and you are acting recklessly, but that is only 2/3 (well, more like 9/10) of the criteria for violating the laws in question here. You are not using their store without authorization (they have to TELL YOU TO LEAVE before they have any legal relief for your being there).

The problem with this "real world analogy" is that it doesn't take into account the "real world" laws criminalizing this behavior in the United States. There is a difference between "unauthorized access" and "exceeding authorized access". The latter can lead to prosecution under federal law.

My sources:
Title 18, United States Code, Section 1030
Title 18, United States Code, Section 1029

As I tried to explain in the linked article, "authorisation" wrt websites seems to be a really problematic area. I think due to a lack of case law (or statutes; probably a good thing) no one is quite sure how websites work legally. While some Internet stuff (particularly contracts, sales etc.) was supposed to be sorted out (in the EU) by the 2002 E-Commerce Directive, there still seems to be a lot of confusion over how the Internet works, although as we gradually get more judges and lawyers used to the Inte

Don't be a useful idiot. Don't take your marching orders from people on the interet who don't give a fuck about you. A DDOS attack like the one 4-chan (let's call them what they are) did, could have actually been anonymous had the morons actually been hackers. This is what it looks like when one pseudo-hacker can write a DDOS program, and a bunch of tech-illiterate morons run it on their network without actually knowing what it's doing, or how to mask their identity.

I think the point that law enforcement is trying to make is that finding you is easier than you think. Win-Win for both sides because the FBI gets to look savvy and Anonymous is required to step up their game.

What did they really expect when they downloaded and used LOIC to DDOS? That somehow they would be protected because of the political nature of the attack, or that they'd be off the hook because someone else actually points that cannon? Talk about stupid.....

There's probably a bunch of people who installed the software on other people's computers, or maybe just ran it on other people's wifi nets. That is what is to be expected. Do we have to tell these people, so eager to don their Guy Fawkes masks and join

Maybe they do realize but don't care? Their goal here is not to "take down anonymous" it's to prosecute the specific people who broke the law by organizing the DDoS attacks. Whether that means arresting all of anonymous or 1/10000 of it is irrelevant. Note that their warrant did not come from some generic anonymous IRC channel, but the logs of the actual coordination of the attacks.

Wow, is that an idiotic law or what? So the officer has no right to kill people while trying to arrest them except where there is a very real chance of death, but a person being arrested has an automatic right to kill the officer? My god your country is insane.

Oh, wait, it doesn't say that you have the right to kill an officer (except where it occurs as the result of resistance of excessive use of force) - it says you'll only be charged with manslaughter instead of murder for killing them. Still carries

Do they not realize the dynamic structure of anonymous? That an activist involved in one campaign might not be involved, or indeed care about, the next?

The hint is in the article: "loosely organized".

This isn't about punishment, it's about deterrence. Remove the sense of anonymous invulnerability and some will think twice about engaging in the activity, even if they got away with it before. It moves from a mindset of "there can't be consequences" to a mindset of "there could be consequences". It's the same tactic the RIAA uses.

True, but if they fail to get anybody in jail, all it's gonna do is provide definite proof that Anonymous is untouchable by the world's governments, helping them attract more people into their ranks.

I'd say I'd hope the government planned this well beforehand, but I'd rather they lose and Anonymous get even larger. Which is what'll likely happen, given how effective these "public displays" tend to be.

True, but if they fail to get anybody in jail, all it's gonna do is provide definite proof that Anonymous is untouchable by the world's governments, helping them attract more people into their ranks.

I'd say I'd hope the government planned this well beforehand, but I'd rather they lose and Anonymous get even larger. Which is what'll likely happen, given how effective these "public displays" tend to be.

That's a highly unlikely scenario. There are existing laws covering DDoS, and I'm sure of three things: (1) the targets have forensic logs recording, at a minimum, timestamps with source IP addresses, (2) the ISPs have names and street addresses associated with those IP addresses and (3) there will be lots of folks who used their own systems for the attacks.

It's difficult, maybe impossible, to draw a direct correlation, but the popularity of legitimate media sources has been increasing dramatically. Netflix, Hulu, iTunes, Vudu, etc. are all doing quite well. Were the civil lawsuits an influencer? Maybe, maybe not. I sure as hell don't know, but it's interesting to consider.

Cops know that most people speed, but they also know that if they don't write any traffic tickets then everyone will speed.

Well, I can only speak for me and friends, but for us it's convenience.

After Steam, we never bother pirating games any more. The act of searching, finding a good version, hassling with cracks and all that.. Not worth it. Buy on Steam. Get instant high-speed download, install on multiple computers, automatic updates, easy to reinstall if computer borks... Pirating games? Feh, too much work (while still being much less than buying in store and mucking about with CD's and such).

Music? After Spotify, we never bother to download. Too much hassle. Spotify have almost all avaliable, streaming, easy sharing, sync to my android.. Downloading, waiting, finding the one single actually good rip? Feh, screw that.

So, the only thing left is movies and tv shows. Here in Norway the only alternative we got is Voddler, which is lower quality and less convenient (forced commercials? feh) than downloading. And DVD? "You have to see all these trailers of years-old movies and silly anti pirate ads first! Muahahaha" - Seriously.. Even when I buy DVD's, the first thing I do is to rip them to remove the crap and the reliance on the physical disk. Get a good streaming service (with MINIMUM youtube 720p quality and either own bought movies (no silly renting please) or reasonable monthly fee), and I'll stop pirating that too.

It's simple. Video content industry is getting their ass handed to them on both quality and convenience. Get something that is at least equal in those to what the pirates offer, and you'll see an uptake.

Actually, you could argue that the tearing down of Napster as a P2P network and rebuilt as a legitimate source of music proved that older models of music distribution worked, and in that vein, we now have Amazon MP3, iTunes, Pandora, etc and that wouldn't have happened with out the litigation against Napster.

Cops know that most people speed, but they also know that if they don't write any traffic tickets then everyone will speed.

That logic only goes so far though. Sure, speeding presents an inherent danger in places like residential and commercial districts, but there are plenty of speed traps on rural highways as well, which means the deciding factor is not safety, but money. Safety is just a nice externality.

Cops know that most people speed, but they also know that if they don't write any traffic tickets then everyone will speed.

That logic only goes so far though. Sure, speeding presents an inherent danger in places like residential and commercial districts, but there are plenty of speed traps on rural highways as well, which means the deciding factor is not safety, but money. Safety is just a nice externality.

I never said it was about safety. I said it was about deterrence, and used a speeding ticket as a simple example of a deterrent.

I "blame" that shift from copying to buying more on the fact that the service now is closer to what people want. The reduction is pretty much in accordance with what a study I did almost a decade ago came up with.

There were three main reasons given for copying (the survey was anonymous, so nobody had to fear prosecution, of course there is still the possibility of lying, but I would guess most people answered truthfully):

I think it quite likely has slowed down piracy. I used to download pirated movies many years ago. But as I've grown older and gained a house, cars, stock funds and 401ks, and meanwhile watched many people get sued over piracy, I've definitely changed my ways. I've come to realize that $15 for a DVD, or better yet $8.99/month for Netflix streaming, isn't worth worrying about versus potentially losing my house by getting sued into bankruptcy. Perhaps the risk is minor, but it's still a risk, and the lawsu

Yes, at least some people are taking that potential cost into account. However,, I don't think the industry has that strategy driving their actions. The RIAA and MPAA tend to publicly stress that piracy is totally free (financially), and that's why they have such a hard time competing. One argument they make in international trade discussions and for justifying tougher international copyright enforcement is that lowering prices can't work, because there is no effective price point vrs. absolutely free.

You're exactly right, and that's why they hate Anonymous so much. Most other terror organizations can be destroyed merely by taking out their head men. Anon doesn't work that way. Arrest the LOICers, Anon gets pissed off and LOICs. Arrest Moot, Anon gets pissed off and LOICs. Do nothing, Anon gets pissed off and LOICs. They have no control over them, and that's why they can't stand them.

I think an organization making a sustained and coordinated attack against financial infrastructure comes close enough. Sure they attacked only the customer facing facets of those organizations while the critical stuff chugged along just fine, but it's still pretty alarming that they really even tried.

Also, I think their well documented history of targeting strangers with harassment and death threats (just for the lulz) qualifies.

Anonymous is literally any group of people online willing to work together on a common action. That's impossible to end because it's woven into the very fabric of social interaction of which the internet is but a subset. The internet just created a critical mass effect by allowing an effectively limitless number of people to agree to do things together virtually instaneously. Anonymous is the power of people realizing that they don't need organizations to accomplish simple goals, just people willing to agre

Actually I am relatively unfamiliar with the LOIC operation, and I said jack-all about 'social networking' because even though that's what worries governments, that's the exact opposite of Anonymous. Sounds more like you don't know what Anonymous is and you're projecting your ignorance on me. Here's a hint newfag, I used to hang on #insub before there was an ED, was reading SA when JeffK was a new feature, been on 4chan since teh Rei, and literally partied hard with Jason Fortuny (who makes fine burgers, you'd be surprised to know). The only people who have more net cred than me were around before Endless September, but thanks for giving me an excuse to whip out my e-peen.

I doubt they care. They arrest a few kids for a shock and awe publicity stunt.

Be serious, do you think 40 or 400 arrests would make a difference, traffic-wise? It's the same "sue the few, scare the many" tactics the RIAA et al tried for a while. And as we all know, it worked like a dream...

Wikileaks has its own set of lawyers and big piles of money. (They say they require millions of dollars a month to operate.) They are likely just busy doing something else, like defending themselves against other threats.

It was only done as a scare tactic. Technically, each attack has its own leader based on the cause. I am assuming that the DDoS stuff that made news was all a singular, planned attack. The person running the show wrote the program or had somebody write it and then gave it out. It sounds like what they are after are the ways most of these guys communicate with each other. What I don't understand is how in the hell 4chan is still up while they are doing all of this. They are raiding ISP's, Power plants for electricity all for chat logs, but 4chan is still up. Are you seriously telling me that 4chan's lawyers are so good that the FBI can't touch them? Other Child Porn sites that try and say "what the user posts I have no responsibility for" still get shut down. I know that 4chan is not all script kiddies and child porn, but if this is one of the meeting points, why keep it up unless you want to keep it up. Maybe keep it up so that you have a reason to continue pushing through these stuff.

It is so simple to stop the bigger attacks. I am guessing they use specific irc channels and 4chan to communicate. Ok, shut down that irc server until they can get their stuff together with the people making hacking channels (when I log into irc, there are way too many servers anyway, so no harm no foul for me), and shut down 4chan. That would put a HUGE dent in these attacks. Sure, based on the structure (or lack there-of) with anon, attacks will still happen, but the really big ones will be pretty much gone. But if they find out this information, how are they going to get away with raiding ISP's for chat logs? I am sorry, but that is stupid. There are better ways to go about it.

4chan is a potential honeypot. If the partyvan doesn't already have a backdoor into that site then they aren't doing their jobs. Besides, I think they'd rather keep most of this shit contained to one corner of the internet instead of taking them down and watching the/b/tards spread to the internet at large.

The cops have to know about it to get the logs, and there's a LOT more that goes on in 4chan than the cops could know just by picking low-hanging fruit. Moot isn't an idiot. When a warrant/subpoena is served, he'll comply (why stick his neck out for/b/tards?), but the cops have to send that info first, and they need some pretty specific info (ie, the thread ID) to get it. A full backdoor would give them access to logs for their perusal instead of occasionally stumbling on something and sending out for reco

Craigslist hookers were far more visible an abhorrent to the public than/b/tards jacking off in some dark corner of the internet. Shutting down the CL adult services was VISIBLY closing out an area that was used almost exclusively for illegal activities. 4chan is a bit different. Very little of the general public would even know if the cops shut down 4chan. When/b/tards start going on killing sprees, then maybe there will be enough press activity for them to move ahead. As it is now, most of the public mi

From what I read in The Register's coverage, e.g. here [theregister.co.uk], the tool they used is just the "LOIC [wikipedia.org]" (Low Orbit Ion Cannon (named for the weapon from the C&C games)). AFAICT, the tool itself does nothing to anonymise users, so unless the people involved do it with a spoofed MAC from someone else's WIFI, they're going to get caught pretty easily.

As for shutting down 4chan, it wouldn't achieve anything, they'd just move somewhere else. Secondly, I'd wager the FBI, police etc get too many easy arrests (like the

Hmm, it just makes more sense in my head to stop one system rather then allowing for it to continue for prosecution purposes. If you are known for punching people in the face randomly, what would be a better solution to stop you from punching people in the face: cut off your hand, or charge you with assault and battery? Yes, I realize it is also a crime to chop of people's hands, but you can see my point. Stop it at the source. What happened happened, and investigating is only going to stir stuff up and

It's one thing if the search warrant is "search one specific individual's home looking for his PC and trying to get log information on it." It's quite another if the search warrant is "order Comcast to produce all the information they have on the following list of 45000 IP addresses." Sometimes the Feds tell you one kind of number, sometimes they tell you another. (For instance, the numbers of legal wiretaps they'll admit to are usually quite small, obfuscating the broad scope of some of those wiretaps,

Hacktivism has plenty merit in my book, but when up against a government it's quite a challenge. The uncensorable internet is extremely censorable. Copyrights, defamation, trademarks, lawsuits, arrests, and all kinds of stuff are each day more easily used to censor more and more. Egypt and a bunch of other nations, and wikileaks have been examples in the media, but there are lots of other ways everyone is just bottom line censored. There are legal and civil details and complexities of course, but bottom